
RooTchO writes "Included in this release is the new Extended Security Features, Improved/Additional sysctl parameters. New binaries in this release are: pfradix, pfsyncd, aclctl, netacl, getfacl, setfacl and cgdconfig. We have added chrooted sshd, apache, bind. Special files to also see are /etc/sysctl.conf, /etc/acl.conf and /etc/sshd/sshd_conf. And many new other goodies :)))"

I hate going to a site about software and it's a slash style setup. I would say it's a kludge to shoe horn what should be a brochure type site into a slash style site but kludges work. Having said that could someone explain a bit about microbsd and what it is compared to something like freebsd? Is this something where I would use in an embedded style application or what? I've got some home projects in mind where a small light standards based os would be beneficial.

I believe for the embedded apps you want something more like PicoBSD. I think there are even small embedded systems being sold with that, but I'm not 100% sure. Their site should have a list of compatible hardware however.

It claims security. I thought OpenBSD did fine. It claims small footprint. I thought NetBSD did that job. It claims best features of Freebsd+Net+Open but I didn't find the token ring driver in it...

FreeBSD unifying with NetBSD and OpenBSD would be news, but this really isn't.

Look Ma! I glued this to that, and have a new OS. At the risk of sounding like a troll, I'll say this isn't a useful OS and its goals [microbsd.net] aren't convincing at least to me. These developers can better spend their time enhancing the existing BSDs and moving features from one BSD to another. That wouldn't make news but would be more useful.

For some reason I don't think the authors of MicroBSD care about your opinion.

True enough, however I think that person was essentially on the money. These energies are probably better spent on enhancing one of the existing BSDs. As both a BSD user and contributor, I know I would prefer to see the forks of BSD stop and either stay as they are, or unify for mutual benefit... than wither on the vine as these separate projects.

But then part of me says that's just how it goes. People might have philosophical differences between themselves and the core developers of the existing BSDs, so they make their own fork to satisfy themselves... if not to serve people like them.

We can only hope that the BSDs learn how to do more code-sharing than they have been. And hope that the developers become more friendly and find new ways to encourage people to make code contributions.

I'm not suggesting that they should all homogenize, but they should try to offer the same features, perhaps presented and managed differently. Then people can pick the best subjective fit for them, and it doesn't matter which one they choose, because it's BSD, and they all more or less universally do the same exact thing...

That'd be the perfect-picture scenario, but alas.

I'm hedging my bets on FreeBSD, particularly with the 5.x branch. The only thing the FreeBSD project needs is more platforms, and some improvements to the ports system. (Yes, I believe that they have been leapfrogged by Gentoo's implementation of ports).

I assume it just means that sshd now drops root privileges after it binds to its network port. This enables it to run securely under a chroot jail, since running programs as root in a jail enables a hacker to be able to "break out" if he/she can exploit a security hole in the program, and defeats the purpose of using chroot.

Well if sshd drops privileges after it binds to a privileged port, it can't authenticate users, as it would have no access to passwords, and it can't give users access to their home directories, as it would be chrooted.

Yes, there are ways to check passwords without being root... I sincerely doubt that 99.9% of them would work if the user who is trying to do the authentication is chrooted. At the very least, they would have to have an SUID executable to perform the authentication, which would almost completely defeat the purpose of chrooting SSHd. Besides, sshd still wouldn't have access to users' home directories.

I would just point out that it does, in fact, seem possible to run ssh chroot as this document [debian.org] indicates. The user passwords and home directories would, of course, have to be included in the jail as well. It's not something that can be used for system administration, obviously.
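The bind, chroot, then drop-root sequence debated in the comments above, written out as an added example; it is not part of any comment and is not MicroBSD or OpenSSH code. Assumptions: Linux/BSD libc, a throwaway directory under /tmp as the jail, uid/gid 65534 standing in for an unprivileged account, and loopback port 0 standing in for port 22. It does not address the authentication question the replies raise.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { JAIL_OK = 0, JAIL_NEED_ROOT, JAIL_CHROOT_FAILED, JAIL_DROP_FAILED,
       JAIL_STILL_ROOT, JAIL_SOCKET_LOST };

/* Order matters: chroot() needs root, so jail first, then shed the
 * supplementary groups, the gid and finally the uid (setgid() needs root). */
static int enter_jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (geteuid() != 0) return JAIL_NEED_ROOT;
    if (chroot(jail) != 0 || chdir("/") != 0) return JAIL_CHROOT_FAILED;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_DROP_FAILED;
    /* If root can be regained, the jail is escapable: treat that as fatal. */
    if (setuid(0) == 0 || getuid() == 0 || geteuid() == 0)
        return JAIL_STILL_ROOT;
    return JAIL_OK;
}

/* Runs the sequence in a child so the caller keeps its own privileges. */
int run_demo(void)
{
    char jail[] = "/tmp/jail-demo-XXXXXX";   /* constructed sample path */
    if (mkdtemp(jail) == NULL) return JAIL_CHROOT_FAILED;
    pid_t pid = fork();
    if (pid == 0) {
        /* Bind while still privileged; port 0 stands in for port 22. */
        struct sockaddr_in a = { .sin_family = AF_INET,
                                 .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
        int s = socket(AF_INET, SOCK_STREAM, 0);
        int bound = s >= 0 && bind(s, (struct sockaddr *)&a, sizeof a) == 0;
        int rc = enter_jail_and_drop(jail, 65534, 65534); /* assumed ids */
        /* The descriptor bound before the drop must still be usable. */
        if (rc == JAIL_OK && !(bound && listen(s, 1) == 0)) rc = JAIL_SOCKET_LOST;
        _exit(rc);
    }
    int status = -1;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) status = -1;
    rmdir(jail);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : JAIL_DROP_FAILED;
}

int main(void) { return run_demo(); }
```

Run as root it returns `JAIL_OK` (0) when the jail and drop both succeed; run unprivileged it returns `JAIL_NEED_ROOT` without touching anything.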

Well, my 15-second perusal of their site [microbsd.net] has thoroughly convinced me to steer clear of their project. I can figure out the "BSD" part of the name, but what does "micro" mean? Is it for embedded machines? Is it a floppy distro? Is it just a small distro? Maybe it is BSD for microcomputers, and they don't know about Free/Net/OpenBSD.

The first thing I see when I go to the FreeBSD [freebsd.org] website is this:

FreeBSD is an advanced operating system for x86 compatible, DEC Alpha, and PC-98 architectures. It is derived from BSD UNIX, the version of UNIX developed at the University of California, Berkeley. It is developed and maintained by a large team of individuals. Additional platforms are in various stages of development.

In my 15-second perusal of the FreeBSD site, I get a good idea of what FreeBSD is. The only impression I get from the MicroBSD site is that they care more about blogwhoring than about writing any real software.

Frankly, branching a new distro for some petty reason (I'm going to assume that's what it is since it is so damn hard to find out) instead of contributing tools and patches to an existing BSD seems just a tad too reminiscent of that other large free OS community.